[RFC][PATCH] collect security labels on user processes generating audit messages
Timothy R. Chavez
tinytim at us.ibm.com
Wed Feb 15 18:33:06 UTC 2006
On Wed, 2006-02-15 at 11:37 -0500, Stephen Smalley wrote:
> On Wed, 2006-02-15 at 11:22 -0500, Steve Grubb wrote:
> > This should be a separate thread since the topic is different.
> >
> > On Wednesday 15 February 2006 11:14, Linda Knippers wrote:
> > > Amy submitted a patch a while back to eliminate the "name=" field
> > > to avoid "name=(null)" from the audit records if there was no name
> > > but I don't think the patch went anywhere.
> >
> > Right. I want all audit fields to have name=value. If we have %s in the
> > message and pass NULL to it, snprintf is already going to put "(null)" so
> > what's wrong with just using this precedent?
>
> In that case, Tim doesn't need a special check for !ctx in his code at
> all.
FYI, if I just pass NULL to audit_log_format(), then <NULL> is printed
to the log, not (null). I just tried this.
-tim
More information about the Linux-audit
mailing list